Green Room

Too bad to check: HHS stole web scripting for Healthcare.gov?

So says our friend Jeryl Bier at The Weekly Standard, and so does the apparent victim of the copyright infringement:

Healthcare.gov, the federal government’s Obamacare website, has been under heavy criticism from friend and foe alike during its first two weeks of open enrollment. Repeated errors and delays have prevented many users from even establishing an account, and outside web designers have roundly panned the structure and coding of the site as amateurish and sloppy. The latest indication of the haphazard way in which Healthcare.gov was developed is the uncredited use of a copyrighted web script for a data function used by the site, a violation of the licensing agreement for the software.

DataTables is free, open source software that you can download and use for whatever purpose you wish, on any and as many sites you want. It is free for you to use! DataTables is available under two licenses: GPL v2 license or a BSD (3-point) license, with which you must comply (to do this, basically keep the copyright notices in the software).

They didn’t, though, and now Spry Media says they will take this up with HHS, and possibly their attorneys. Be sure to read the rest of Jeryl’s post for why the theft is blatant and obvious. But here’s a question to ponder as you do: does Spry Media really want to claim partial ownership of the worst web rollout in history?

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

I work in software, and build large scale websites for a living. There’s no way I’d trust any of my personal data with this system. Dozens of tiny, public problems are strongly indicative of major, undisclosed problems. If you’re not doing your diligence with legal attribution of open source software, you’re probably not conducting standard security and privacy reviews as well.

They need to open source this software now and get some eyes on it, otherwise we’re in a “just trust us, we’re handling your private data responsibly” mode with nothing to back it up. I’ve seen too many companies in that mode get shattered by one anonymous hacker.

Ace mentions that they actually removed not only the copyright, but also the bit of commenting that says you have to keep the copyright. However… They failed to delete ALL THE OTHER COMMENTING IN THE CODE, which enabled the company to say “yep, that’s our stuff.” *facepalm*

‘Facing such intense opposition from congressional Republicans, the administration was in a bunker mentality as it built the enrollment system, one former administration official said. Officials feared that if they called on outsiders to help with the technical details of how to run a commerce website, those companies could be subpoenaed by Hill Republicans, the former aide said. So the task fell to trusted campaign tech experts.’

I stopped over to Spry Media’s DataTables webpage and the script works fine over there. I was expecting something that would slow down my browser, ’cause it’s “a very long and complex piece of website software” (do they call scripts “software”?) but it came up really quick and is very responsive. The table is really nifty and flexible. I can see why those building the healthcare.gov software might want to use it.

So why leave off the copyright notice on a free piece of software? Who knows. But my first guess is because someone took credit for writing it. When you are charging 100’s of millions of dollars for the best piece of coding EVER, there just has to be a lot of it to admire. And what’s the fastest way to create a huge software program? Copy it.

does Spry Media really want to claim partial ownership of the worst web rollout in history?

More than likely they just want the administration to comply with standard, accepted rules and agreements. They may also want to counter any charges, accusations, or criticism of their routines (software) with public corrections of misused and incorrectly applied scripts.

‘Officials feared that if they called on outsiders to help with the technical details of how to run a commerce website, those companies could be subpoenaed by Hill Republicans, the former aide said. So the task fell to trusted campaign tech experts.’

– Politico, T

Why would they care if the companies were subpoenaed unless they were asking them to do something illegal/immoral/unethical?

The weirdest thing is, they didn’t even use the most updated version, either. If you look at the link, HHS is using version 1.9.1. But the latest version is 1.9.4. Not sure what the difference is in the two, but one would think that if you are going to use software, the most updated version would be the one that would work best. That is of course…unless you didn’t want it to work properly.

Maybe that is why it was ten years old.

No, they shouldn’t claim partial ownership. But they sure as hell will be getting paid for their software being illegally used. I hope they rake the administration over the coals on this one.

Given that this system will be handling, retrieving, moving, storing and modifying people’s most sensitive and private information, does anyone have standing at this time to sue the federal government, perhaps preemptively, for the system being a POS disaster?

Will our privacy have to be subjected to actual damage before anything can be done to force the system to be proven and tested compliant with the HIPAA Security Rule and other pertinent regulations and laws?

This thing is going to be hacked and I suspect it may go unnoticed for some time. Further, given our new government’s penchant for spying on us, I suspect there is a lot going on inside the system that the administration does not want us to know about.

Is there any way to use the courts to publicly force the administration to prove Obamacare is compliant with all privacy and security laws and regulations before proceeding?